GDPR

• Chapter 1 (Art. 1-4) General Provisions
  • 1 Subject Matter and objectives
  • 2 Material Scope
  • 3 Territorial Scope
  • 4 Definitions
• Chapter 2 (Art. 5-11) Principles
  • 5 Principles relating to processing of personal data
  • 6 Lawfulness of processing
  • 7 Conditions for consent
  • 8 Conditions applicable to child’s consent in relation to information society services
  • 9 Processing of special categories of personal data
  • 10 Processing of personal data relating to criminal convictions and offences
  • 11 Processing which does not require identification
• Chapter 3 (Art. 12 – 23) Rights of the data subject
  • 12 Transparent information, communication and modalities for the exercise of the rights of the data subject
  • 13 Information to be provided where personal data are collected from the data subject
  • 14 Information to be provided where personal data have not been obtained from the data subject
  • 15 Right of access by the data subject
  • 16 Right to rectification
  • 17 Right to erasure (‘right to be forgotten’)
  • 18 Right to restriction of processing
  • 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing
  • 20 Right to data portability
  • 21 Right to object
  • 22 Automated individual decision-making, including profiling
  • 23 Restrictions
• Chapter 4 (Art. 24 – 43) Controller and processor
  • 24 Responsibility of the controller
  • 25 Data protection by design and by default
  • 26 Joint controllers
  • 27 Representatives of controllers or processors not established in the Union
  • 28 Processor
  • 29 Processing under the authority of the controller or processor
  • 30 Records of processing activities
  • 31 Cooperation with the supervisory authority
  • 32 Security of processing
  • 33 Notification of a personal data breach to the supervisory authority
  • 34 Communication of a personal data breach to the data subject
  • 35 Data protection impact assessment
  • 36 Prior consultation
  • 37 Designation of the data protection officer
  • 38 Position of the data protection officer
  • 39 Tasks of the data protection officer
  • 40 Codes of conduct
  • 41 Monitoring of approved codes of conduct
  • 42 Certification
  • 43 Certification bodies
• Chapter 5 (Art. 44 - 50) Transfers of personal data to third countries or international organisations
  • 44 General principle for transfers
  • 45 Transfers on the basis of an adequacy decision
  • 46 Transfers subject to appropriate safeguards
  • 47 Binding corporate rules
  • 48 Transfers or disclosures not authorised by Union law
  • 49 Derogations for specific situations
  • 50 International cooperation for the protection of personal data
• Chapter 6 (Art. 51 - 59) Independent supervisory authorities
  • 51 Supervisory authority
  • 52 Independence
  • 53 General conditions for the members of the supervisory authority
  • 54 Rules on the establishment of the supervisory authority
  • 55 Competence
  • 56 Competence of the lead supervisory authority
  • 57 Tasks
  • 58 Powers
  • 59 Activity reports
• Chapter 7 (Art. 60 - 76) Cooperation and consistency
  • 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned
  • 61 Mutual assistance
  • 62 Joint operations of supervisory authorities
  • 63 Consistency mechanism
  • 64 Opinion of the Board
  • 65 Dispute resolution by the Board
  • 66 Urgency procedure
  • 67 Exchange of information
  • 68 European Data Protection Board
  • 69 Independence
  • 70 Tasks of the Board
  • 71 Reports
  • 72 Procedure
  • 73 Chair
  • 74 Tasks of the Chair
  • 75 Secretariat
  • 76 Confidentiality
• Chapter 8 (Art. 77 - 84) Remedies, liability and penalties
  • 77 Right to lodge a complaint with a supervisory authority
  • 78 Right to an effective judicial remedy against a supervisory authority
  • 79 Right to an effective judicial remedy against a controller or processor
  • 80 Representation of data subjects
  • 81 Suspension of proceedings
  • 82 Right to compensation and liability
  • 83 General conditions for imposing administrative fines
  • 84 Penalties
• Chapter 9 (Art. 85 - 91) Provisions relating to specific processing situations
  • 85 Processing and freedom of expression and information
  • 86 Processing and public access to official documents
  • 87 Processing of the national identification number
  • 88 Processing in the context of employment
  • 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • 90 Obligations of secrecy
  • 91 Existing data protection rules of churches and religious associations
• Chapter 10 (Art. 92 - 93) Delegated acts and implementing acts
  • 92 Exercise of the delegation
  • 93 Committee procedure
• Chapter 11 (Art. (94 - 99) Final provisions
  • 94 Repeal of Directive 95/46/EC
  • 95 Relationship with Directive 2002/58/EC
  • 96 Relationship with previously concluded Agreements
  • 97 Commission reports
  • 98 Review of other Union legal acts on data protection
  • 99 Entry into force and application

Chapter 4 (Art. 24 – 43)

Controller and processor

Table of Contents